CHAPTER 1


A FIRST LOOK AT WINDOWS 2000 PROFESSIONAL


After reading this chapter and completing the exercises,
you will be able to:


■ Describe the Windows 2000 product family
■ Describe the major features of the Windows 2000 environment
■ Understand the architecture of Windows 2000
■ Define the minimum system requirements for Windows 2000 Professional
■ Understand the two major networking models under which Windows 2000 can be used


The technological achievements in the computing world are advancing faster
than ever before. Consumers can purchase computer systems with power and
capabilities that were mere fantasies just a few years ago, and do so at a lower cost.
Microsoft has endeavored to maintain a competitive edge on these new powerful
systems by continuing to evolve its operating system products. The latest
manifestation of the Microsoft operating system product line is Windows 2000, which
is a network and desktop operating system designed to take advantage of new
hardware and the Internet to produce unsurpassed performance for network
activities and application execution.


THE MICROSOFT NETWORKING FAMILY


The Microsoft networking family is a collection of operating systems from Microsoft that 
offers the capability to participate in a network as either a server or client. This family includes 
operating systems currently in production as well as older products. Products in production 
include Windows 2000 and Windows 98; older family members include Windows NT, 
Windows 95, and Windows for Workgroups. 


Windows 2000 Family 


The Windows 2000 product family, the latest from Microsoft, brings together the best of 
Windows NT and Windows 95/98 with advanced Internet, security, and connectivity 
technologies. The result is a network and desktop operating system that offers unsurpassed 
functionality, security, resource management, and versatility. Windows 2000 consists of four 
products: Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 
Professional, and Windows 2000 Datacenter Server. 


Windows 2000 Server 


Windows 2000 Server is the successor to Windows NT 4.0 Server and is the core compo- 
nent in a client/server network environment. It establishes and maintains a domain in which 
other servers and thousands of clients can easily and productively participate. One of the most 
significant improvements to Windows 2000 Server as compared to Windows NT 4.0 Server 
is the introduction of Active Directory. Active Directory is a mechanism to centralize net- 
work resource and security management, administration, and control. Active Directory com- 
bines previously separate organizational structures into a single manageable whole that 
includes users, groups, security, services, network resources, and more. 


In addition to improved security and resource management, Windows 2000 Server offers 
many other improvements for networks. These include Web and Internet services that enable 
improved access to existing resources and that simplify and strengthen the ability to host ser- 
vices and resources over intranets and the Internet. Windows 2000 Server is ideal for sup- 
porting network applications on small to medium-sized domains. Windows 2000 Server 
supports up to four processors out of the box and up to 4 GB of RAM. 


Windows 2000 Advanced Server and Datacenter Server 


Windows 2000 Advanced Server is an enhanced version of Windows 2000 Server focused 
on the high-end use of multiple processors and/or clustered processors. Advanced Server was 
developed to host high-end network applications, such as distributed databases, and to pro- 
vide unparalleled performance in which instant access, wide availability, scalability, and fault 
tolerance are required. 


Windows 2000 Datacenter Server offers even greater power and capabilities. It is designed 
for data warehousing, complex mathematical analysis, three-dimensional rendering, real-time 
transaction processing, and enterprise Internet Service Provider (ISP) Web site hosting. 


Windows 2000 Advanced Server supports up to eight processors out of the box and up to
8 GB of RAM. Special Datacenter Server versions supporting up to 32 processors and 64 GB 
of RAM are available. 


Windows 2000 Professional 


Windows 2000 Professional is the standalone or client version of Windows 2000. Designed 
for speed and reliability, Windows 2000 Professional brings a solid computing environment 
to desktop and mobile computers. Windows 2000 Professional is the ideal client operating 
system for connecting to and interacting with a Windows 2000 domain. The majority of this
book focuses on this product. 


Windows 98 


Windows 98 is the latest home computer operating system from Microsoft. In the second 
quarter of 1999, Microsoft released an updated version of the product, called Windows 98 SE 
(Second Edition). It contained several code patches and several new utilities and related soft- 
ware products. 


All of the most important Windows 98 update items are available for download from
the Windows 98 Web area (www.microsoft.com/Windows), but the new bells and
whistles are available only when you purchase the upgrade.


Windows 98 offers home users an easy-to-use computing environment for work
productivity, Internet access, education, and entertainment. Windows 98 focuses on ease of use and
a wide range of hardware support. It lacks security features and fault tolerance. Windows 98
does not have as stringent minimal system requirements as Windows NT or Windows 2000
Professional and is thus often the preferred operating system for older or less powerful
computer systems.


Microsoft has plans to develop a home user version of Windows 2000, to be released 
in 2001 or 2002. 


Earlier Windows Operating Systems 


As Microsoft releases updated and improved products to keep up with technological 
advances, its previous releases are pushed to the side. In that context, Windows 2000 has 
recently pushed Windows NT aside. Many products that are still modestly supported by 
Microsoft but are no longer actively developed are still widely used in networks. 


Microsoft would like users to upgrade to the latest product releases as soon as possible to 
bring networks into compliance with current technologies. However, the expense of new 
products is often prohibitive for companies and individuals. Generally, you should upgrade 
only when technical support for your existing platform is no longer cost-effective and when 
the needs of your work tasks exceed the capabilities of your current system. 


Windows NT, like Windows 2000, is a family of network operating systems: Windows NT
Workstation, Windows NT Server, and Windows NT Enterprise Edition. These three versions
serve functions similar to those of the Windows 2000 variants. If you would like more
information on Windows NT, see the Windows NT Web area at http://www.microsoft.com/windows/
or Guide to Windows NT Workstation 4.0, by Ed Tittel, Christa Anderson, and David Johnson
(Course Technology, 1998, ISBN 0-7600-5098-8).


THE WINDOWS 2000 ENVIRONMENT


The Windows 2000 operating environment is a hybrid of Windows NT and Windows 98. 
The combination of the Windows NT core reliability and security with the Windows 98 
Plug and Play capability and connectivity results in an operating system that is unsurpassed 
in function and features. The following sections highlight many of the characteristics of the 
Windows 2000 environment. 


Portability 


Windows 2000 can be installed on Pentium class (or higher, or equivalent compatible clones) 
x86 CPUs. 


Windows NT 4.0 did support PowerPC and MIPS R4x00 CPUs. However, in January
1997, Microsoft announced the termination of continued support for these CPU types.
Thus, these systems hosting Windows NT 4.0 cannot be upgraded to Windows 2000.
Originally, Microsoft planned Windows 2000 support for the Compaq Alpha platform.
Unfortunately, all Alpha platform development was cancelled after Compaq decided to
discontinue Windows NT/2000 development on the Alpha.


Multitasking 


One of the great features of Windows 2000 is multitasking—a mode of CPU operation in 
which a computer processes more than one task at a time. Windows 2000 supports two types 
of multitasking—preemptive and cooperative. Preemptive multitasking defines a processor 
scheduling regime in which the OS maintains strict control over how long any execution 
thread (a single task within a multithreaded application, or an entire single-threaded applica- 
tion) may take possession of the CPU. The reason this scheduling regime is called preemptive 
is because the operating system can decide at any time to swap out the currently executing 
thread should another, higher-priority thread make a bid for execution (the termination of 
the lower-priority thread is called preemption). Windows 2000 supports multiple threads, and 
allows multiple duties to be spread among multiple processors. Most native Windows 2000 
applications are written to take advantage of threads, but older applications may not be as 
well equipped. 


Cooperative multitasking defines a processor scheduling regime wherein individual
applications take control over the CPU for as long as they like (because this means that applications
must be well-behaved, this approach is sometimes called “good guy” scheduling). Unfortunately,
this type of multitasking can lead to stalled or hung systems, should any application fail to release
its control over the CPU. Windows 3.x is one of the best examples of this type of
environment because it runs on top of MS-DOS, a single-threaded operating system. In contrast,
native 32-bit Windows 2000 applications are not hindered by such limitations. The default for
Windows 2000 is that all 16-bit Windows applications run within a single virtual machine,
which is granted only preemptive CPU access. This guarantees that other processes active on a
Windows 2000 machine will not be stymied by an ill-behaved Windows 3.x application.
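

The stall described above can be reproduced in a simplified round-robin model. This is an added example, not code from the original chapter or from Windows; the task names, burst lengths, tick budget, and the `simulate` and `starved` functions are constructed for illustration. With no quantum the scheduler is cooperative; with a quantum it preempts.

```python
from collections import deque

# Constructed workload: each task lists the CPU bursts (in ticks) it wants to
# run before it would voluntarily hand the CPU back.
TASKS = [
    ("editor", [1, 1, 1, 1, 1]),
    ("hung_win16_app", [10_000]),      # ill-behaved: effectively never yields
    ("print_spooler", [1, 1, 1, 1, 1]),
]


def simulate(tasks, budget, quantum=None):
    """Run tasks round-robin for at most `budget` ticks.

    quantum=None models cooperative multitasking: a task keeps the CPU for
    its whole burst, however long that is.
    quantum=n models preemptive multitasking: the scheduler takes the CPU
    back after n ticks and puts the task at the end of the queue.

    Returns (ticks of CPU each task received, names of tasks that finished
    in completion order).
    """
    queue = deque((name, list(bursts)) for name, bursts in tasks)
    received = {name: 0 for name, _ in tasks}
    finished = []
    clock = 0
    while queue and clock < budget:
        name, bursts = queue.popleft()
        want = bursts[0]
        # Cooperative: grant the full burst. Preemptive: cap it at the quantum.
        grant = want if quantum is None else min(want, quantum)
        grant = min(grant, budget - clock)   # the observation window ends here
        clock += grant
        received[name] += grant
        if grant == want:
            bursts.pop(0)                    # burst completed
        else:
            bursts[0] = want - grant         # interrupted; remainder runs later
        if bursts:
            queue.append((name, bursts))
        else:
            finished.append(name)
    return received, finished


def starved(received):
    """Names of tasks that never got the CPU during the window."""
    return sorted(name for name, ticks in received.items() if ticks == 0)


if __name__ == "__main__":
    for label, q in (("cooperative", None), ("preemptive, quantum=2", 2)):
        received, finished = simulate(TASKS, budget=40, quantum=q)
        print(f"{label}: received={received} "
              f"finished={finished} starved={starved(received)}")
```

Under the cooperative run the ill-behaved task takes the CPU on its first turn and holds it for the rest of the window, so the spooler never runs; with a quantum, both well-behaved tasks finish while the ill-behaved one only consumes its share.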


Multithreading 


Multithreading refers to a code design in which individual tasks within a single process 
space can operate more or less independently as separate, lightweight execution modules, 
called threads. (Threads are called lightweight execution modules because switching among 
or between threads within the context of a single process involves very little overhead, and 
is therefore extremely quick.) A thread represents the minimal unit of code in an application 
or system that can be scheduled for execution. 


Within a process, all threads share the same memory and system resources. A process, on the 
other hand, is a collection of one or more threads that share a common application or sys- 
tem activity focus. Processes are called heavyweight execution modules because switching 
among processes involves a great deal of overhead, including copying large amounts of data 
from RAM to disk for outbound processes, and repeating that process to copy large amounts 
of data from disk to RAM for inbound ones. Under Windows 2000, it normally takes more 
than 100 times longer to switch among processes than it does to switch among threads. 


Multithreading allows an operating system to execute multiple threads from a single appli- 
cation concurrently. If the computer on which such threads run includes multiple CPUs, 
threads can even execute simultaneously, each on a different CPU. Even on single-CPU 
computers, threaded implementations speed up applications and create an environment in 
which multiple tasks can be active between the foreground (what’s showing on the screen) 
and the background (what’s not on screen). Windows 2000 is unusually adept and efficient 
at multithreading. 


File Systems


Windows 2000 supports three file systems:


■ FAT (file allocation table): The file system originally used by DOS (actually, the
Windows 2000 implementation is an extension of Virtual FAT, or VFAT, which
includes support for long filenames and 4 GB files and volumes). Windows 2000
FAT is also known as FAT16.


■ FAT32: An enhancement of the FAT16 file system developed for Windows 95
OSR2 and included in Windows 98. Windows 2000 includes support for FAT32
primarily to gain the 32 GB file and volume size improvement over FAT16.
FAT32 volumes created by Windows 95 OSR2 or Windows 98 can be mounted
under Windows 2000.


■ New Technology File System (NTFS): A high-performance, secure, and
object-oriented file system introduced in Windows NT. This is the preferred file system
for Windows 2000.


Versions of Windows NT up through 3.51 (that is, not including 4.0) supported the
HPFS (High Performance File System), originally present in OS/2 and LAN Manager.
Windows 2000 does not support HPFS.


Active Directory 


Active Directory is a new control and administration mechanism of Windows 2000. Active 
Directory is supported by Windows 2000 Server and Advanced Server to create, sustain, and 
administer a domain or group of related domains. Active Directory combines the various 
aspects of a network—namely users, groups, hosts, clients, security settings, resources, net- 
work links, and transactions—into a manageable hierarchical organizational structure. Active 
Directory simplifies network administration by combining several previously distinct activi- 
ties, including security, user account management, and resource access, into a single interface. 


Windows 2000 Professional does not include support utilities for installing or managing 
Active Directory. However, by joining a domain, Windows 2000 Professional will interact 
with the Active Directory for all resource- and security-related communications. 


Security 


Windows 2000 incorporates a variety of security features, all of which share a common aim: to 
enable efficient, reliable control of access to all resources and assets on a network. To that end, 
the Windows 2000 security features begin with a protected, mandatory logon system. These fea- 
tures extend to include memory protection, system auditing over all kinds of events and activ- 
ities, precise controls on file and directory access, and all kinds of network access limitations. 


Windows 2000 is an operating environment developed to address the following business 
security needs: 


■ Enterprise isolation
■ Multilevel security
■ Auditing and resource tracking
■ Isolation of hardware-dependent code


Also, numerous third-party companies offer security enhancements or extensions to 
Windows 2000 that cover everything from biometric authentication add-ons (so fingerprints 
or retinal scans can be used to control system access) to firewalls and proxy servers to isolate 
Windows 2000-based networks from the Internet or other publicly accessible networks. 


One of the more popular enhancements to the Windows 2000 security system is the
inclusion of the Kerberos v5 authentication protocol. Basically, Kerberos is used to authenticate
a client to a server (that is, to ensure that they are both valid members of a domain) before
communication between them is permitted.


Multiple Clients 


Windows 2000 Server supports a wide variety of potential client platforms that can interact 
with resources on a Windows 2000-based network. Please note that the following list of clients 
includes two third-party operating systems, as well as a broad range of Microsoft products. 


■ Windows 95 and Windows 98
■ Windows 3.x and Windows for Workgroups
■ MS-DOS
■ Macintosh
■ OS/2
■ Windows NT Workstation
■ Windows 2000 Professional


If TCP/IP (Transmission Control Protocol/Internet Protocol) is used on a Windows 2000-based
network, any computer that supports this protocol can function as a client, even if
with only limited capabilities. Because nearly all versions of Unix include built-in support
for TCP/IP, this extends the reach of Windows 2000-based networks considerably.


Multiple Processors 


Windows 2000 supports true multiprocessing—support for up to two CPUs is included in 
every standard version of Windows 2000 Professional. Only Windows 2000 Server and 
Advanced Server have options for more than four CPUs, and then only in specialized versions. 


On multiple-CPU systems, as many processes or threads as there are CPUs can execute simul- 
taneously. This means that multiple applications can execute at the same time, each on a 
different processor. The network administrator can adjust the priority levels for different proces- 
sors, to make sure that preferred applications get a bigger slice of the CPUs that are available. 


Compatibility 


Windows 2000 supports a wide range of applications. This is accomplished through applica- 
tion subsystems that emulate the native environment of each application type. In other 
words, a virtual machine is created for applications in such a way that they are fooled into 
seeing themselves as the sole inhabitant of a computer system that matches their execution 
needs. Windows 2000 supports the following application types: 


■ DOS 16-bit
■ Native 32-bit (Win32)
■ OS/2 1.x character-based
■ POSIX.1-compliant (POSIX is a platform-independent OS specification based
on Unix; .1 represents the lowest level of recognized POSIX compliance.)
■ Windows 3.1 and Windows for Workgroups 16-bit (Win16)


Windows 2000 Professional supports most Windows 95/98-based programs, in
particular Windows 32-bit business programs. It also supports MS-DOS-based programs,
except for those that access the hardware directly.


Storage


Windows 2000 Professional supports huge amounts of hard disk and memory space: 


■ RAM: 4 GB Intel (Note: Only half of the maximum RAM is available to any single
process, including the OS kernel itself.)


■ Hard disk space: 2 TB (terabytes) for NTFS volumes, 32 GB for FAT32 volumes,
and 4 GB for FAT16 volumes


Connectivity 


Windows 2000 supports a wide variety of networking protocols. The following protocols are 
included in the core OS: 


■ AppleTalk: The protocol suite developed by Apple for use with Macintosh
computers. Note: Windows 2000 Professional can use AppleTalk to communicate with
Apple printers and similar devices, but (unlike Server) it does not support client
services for Macintosh users. In addition, AppleTalk remote access is supported by
the AppleTalk Remote Access Protocol (ARAP) and the AppleTalk Control
Protocol (ATCP).


■ Data Link Control (DLC): The protocol used to connect to IBM mainframes
and network-attached printers


■ NetBIOS Enhanced User Interface (NetBEUI): An enhanced set of network and
transport protocols built in the late 1980s to carry NetBIOS information, when
earlier implementations became too limiting for continued use


■ NWLink: Microsoft’s 32-bit implementation of Novell’s NetWare native protocol
stack, IPX/SPX (Internetwork Protocol Exchange/Sequenced Packet Exchange)


■ TCP/IP (Transmission Control Protocol/Internet Protocol): The set of protocols
used on the Internet, which has been embraced by Microsoft as a vital technology


Windows 2000 is compatible with many existing network types and environments, and it
has native support for the following: 


■ TCP/IP intranets/Internet
■ Integrated remote access networks
■ Macintosh networks
■ Microsoft networks (MS-DOS, Windows for Workgroups, LAN Manager)
■ Enhanced NetWare connectivity


WINDOWS 2000 PROFESSIONAL HARDWARE REQUIREMENTS 


Windows 2000 Professional requires a minimum configuration of hardware to function. It is 
important that your system comply with these minimum requirements. However, in nearly 
all cases, you should attempt to purchase the fastest, largest, or best device you can afford. The 
minimum requirements will enable functionality but will not provide optimum perfor- 
mance. Here are the Microsoft-defined minimum requirements: 


■ 166 MHz Pentium or higher microprocessor (P5 or equivalent compatible clone)
■ 32 MB of RAM for Intel (64 MB or more recommended; 4 GB maximum)
■ 2 GB hard disk with a minimum of 650 MB of free space
■ VGA or higher resolution monitor
■ Keyboard
■ Microsoft Mouse or compatible pointing device (optional)


If you are installing from a CD-ROM drive, you’ll need:


■ A CD-ROM drive (12X or faster recommended)
■ High-density 3.5-inch disk drive, unless you configured your PC to boot from
the CD-ROM drive, and can start the Setup program from a CD, or if you have
an existing OS that can access the CD-ROM drive


If you are installing over a network (Intel only), you'll need:


■ Windows 2000-compatible network interface card (NIC) and related cable
■ Access to the network share that contains the setup files


Hardware Compatibility List (HCL) 


When it comes to configuring a Windows 2000 machine, the Microsoft hardware 
compatibility list (HCL) is an essential piece of documentation. The HCL supplies a 
list of all known Windows 2000-compatible hardware devices at the time of its creation.
The HCL also points to each device’s driver—which may be native (included as part of 
the Windows 2000 installation program), on a subdirectory on the Windows 2000 CD, 
or available only from the device’s vendor. Because Windows 2000 works properly only 
if a system’s hardware is Windows 2000-compatible, it’s always a good idea to use the 
HCL as your primary reference when evaluating a prospective Windows 2000 system, or 
when selecting components for such a system. 


Finding the HCL 


Finding the HCL is not always easy. The easiest place to look is on your Windows 2000 
CD-ROM, where it resides in the Support folder as a text and a Help file. But the HCL is 
not a static document—Microsoft’s Quality Labs are constantly updating this file. The ver- 
sion of the HCL on the Windows 2000 CD-ROM will quickly become outdated because 
lots of new drivers and devices are introduced on a regular basis. 


It's a good idea to look for the most current version of the HCL, especially when you'll be
working with brand-new hardware. The most recent version of the HCL is available for online
viewing on Microsoft's Web site at: http://www.microsoft.com/hcl/default.asp. On the
other hand, if you have access to a copy of the TechNet CD, a new copy is published each
time it changes, so the most recent CD is guaranteed to be less than four months old.


Why the HCL Is So Important 


Windows 2000 controls hardware directly; unlike other operating systems, it does not require 
access to a PC’s BIOS (basic input/output system) as is the case with Windows 95/98 and 
earlier versions of DOS and Windows. Although this gives Windows 2000 a much finer 
degree of control over hardware, it also means that Windows 2000 works only with devices 
with drivers written specifically for its use. This is especially true for SCSI adapters, video 
cards, and network interface cards. 


CAUTION


Don't be misled into thinking that because a device works with Windows 95 or Windows 98, or 
even with Windows NT, that it will work as well (or at all) with Windows 2000. There's no sub- 
stitute for systematically checking every hardware device on a system against the HCL to deter- 
mine conclusively whether it will work with Windows 2000. 


In addition, it is important to note that Microsoft’s technical support policy is that any hard- 
ware that is not on the HCL is not supported for Windows 2000. If you ask Microsoft for 
support on a system that contains elements not listed in the HCL, they may blame all prob- 
lems on the incompatible hardware, and not provide any support at all. 


Fortunately, Windows 2000 automatically investigates your hardware and determines
whether the minimum requirements are met and if any known incompatibilities or
possible device conflicts are present in the system. So, if you check out the major
components manually on the HCL, you can probably get away with letting the installation
routinely check the rest of the system. If you really want to be sure your components are
compatible, you can employ the Windows 2000 Hardware Compatibility Tool to detect
your hardware and declare it compatible or not. This tool can be ordered online at:
http://www.microsoft.com/hwtest/default.asp.


Preparing a Computer to Meet Upgrade Requirements 


To upgrade a computer from a previous operating system to Windows 2000, you must first
verify that the components of the computer match or supersede the minimum system
requirements. Preparing a computer to meet upgrade requirements simply means you need to verify
that each of the main system components (CPU, memory, storage space, video, keyboard, mouse,
etc.) meets the requirements defined by Microsoft. To perform this activity, follow these steps:


1. Open the computer case. 
2. Make a list of all present components including model and manufacturer.


3. For each of the hardware requirements of Windows 2000, verify that the 
component in your computer meets or exceeds the requirements. 


4. For each additional component found in the computer, verify that it is listed on 
the HCL. 


5. Remove any non-HCL compliant devices and replace them with HCL-compliant 
devices. 


6. Proceed with your system installation. 


FEATURES OF WINDOWS 2000 PROFESSIONAL 


Windows 2000 combines Windows NT and Windows 98 features and capabilities with 
newly developed technologies. This section highlights some of the more outstanding features 
of Windows 2000 Professional. 


Ease of Use 


Building on the intuitive interface of Windows NT 4.0 and Windows 98, Windows 2000 
offers even more features to simplify computer interaction, including: 


■ The Start menu automatically displays only the most commonly accessed items,
making it easier to locate often-accessed tools.


■ Dialog boxes for opening and saving files provide more detailed information
(see Figure 1-1).


■ Error messages are more detailed and context driven to aid in problem resolution.


■ New Control Panel wizards simplify hardware installation and configuration
(see Figure 1-2).


■ AutoComplete remembers previously used text strings, allowing for quick reaccess.


■ Customized toolbars and personalized menus are available in most native utilities.


■ Improved network connections simplify the establishment and tuning of network
connections of all types (including RAS/DUN, VPN, LAN, WAN, and direct


Figure 1-1 Dialog boxes now contain more detailed information


Figure 1-2 The Windows 2000 Professional Control Panel


Storage Improvements


Windows 2000 offers several storage-related improvements. Support for the popular 
Windows 98 (and Windows 95 OSR2) file system FAT32 is included. NTFS has been 
improved with support for EFS (Encrypting File System), enhanced content indexing to 
speed searches, and improved file object properties for identifying and grouping file objects. 
A disk defragmentation tool (see Figure 1-3) and a disk cleaning tool (which locates and 
removes orphaned files) have been added to the disk tool arsenal. 


Figure 1-3 The Windows 2000 defragmentation tool


Internet Access 


Interacting with the Internet has also been enhanced. AutoComplete allows quick reac- 
cess to previously typed URLs or when filling out Web-based forms. A search assistant (see 
Figure 1-4) can help locate resources more efficiently. Printing to URLs, browser-based 
print queue status, and Internet downloadable printer drivers are all new features of the 
Windows 2000 Internet capabilities. 


Figure 1-4 The Search tool


Security 


Windows 2000 builds on the existing security structure of Windows NT and provides sev- 
eral enhancements. The most publicized enhancement is the use of the Kerberos authenti- 
cation protocol to verify the server and client before communication over a LAN or WAN 
link is permitted. EFS, an extension of NTFS, allows files and volumes to be encrypted 
using a public-key scheme to prevent unauthorized access to confidential files. VPN (virtual
private network) security is improved by the addition of the IPSec and L2TP protocols (for 
PPTP). Windows 2000 also includes support for smart cards—credit-card-sized devices that 
store information about the user who carries them, which is authenticated using a personal 
identification number—and other physical authentication methods. 


NETWORKING MODELS 


There are two networking models to which a Windows 2000 Professional computer can belong: 
a workgroup or a domain. 


Workgroup Model 


Microsoft's workgroup model for networking distributes resources, administration, and
security throughout a network. Each computer in a workgroup may be either a server or a 
client, or both. All computers in a workgroup are equal in stature and responsibility, and are 
therefore called peers. That’s why a workgroup model network is also known as a peer-to- 
peer network. 


In a workgroup, each computer also maintains its own unique set of resources, accounts, and
security information. Workgroups are quite useful for groups of less than 10 computers, and
may be used with groups as large as 25 to 50 machines (with increasing difficulty). Table 1-1
lists the pros and cons of workgroup networking.


Table 1-1 Pros and Cons of Workgroup Networks

Advantages | Disadvantages
Easy-to-share resources | No centralized control of resources
Resources are distributed across all machines | No centralized account management
Little administrative overhead | No centralized administration
Simple to design | No centralized security management
Easy to implement | Inefficient for more than 20 workstations
Convenient for small groups in close proximity | Requires user accounts on each peer
Less expensive, does not require a central server | Increased training to operate as both client and server


Domain Model 


By requiring one or more servers to be dedicated to the job of controlling a domain, the 
domain model adds a layer of complexity to networking. But the domain model also 
centralizes all shared resources, and creates a single point of administrative and security 
control. In a domain, it is recommended that any member of the domain act exclusively 
either as a client or as a server. In a domain environment, servers control and manage 
resources, whereas clients are user computers that may request access to whatever resources 
are controlled by servers. 


Its centralized organization makes the domain model simpler to manage from an administrative
and security standpoint, because any changes made to the domain accounts database
will automatically proliferate across the entire network. According to Microsoft, domains are
useful for groups of 10 or more computers. Microsoft estimates that the maximum practical
size of a single domain is somewhere around 25,000 computers, but also describes other
multidomain models that it claims can grow to almost arbitrary sizes. In real-world application,
3000 computers is believed to represent a reasonable upper boundary on the number
of machines in a single domain.


No matter how many computers it contains, any Windows 2000 domain requires at least one
domain controller (DC). The domain controller maintains the domain’s Active Directory,
which stores all information and relationships about users, groups, policies, computers, and
resources. More than one domain controller can exist in a domain. In fact, it is recommended
that you deploy a domain controller for every 300 to 400 clients. Unlike domain controllers
in a Windows NT 4.0 network, all Windows 2000 domain controllers are peers. All other
servers and clients on a domain-based network interact with a domain controller to handle
resource requests. Table 1-2 summarizes the pros and cons of the domain model.

Table 1-2 Pros and Cons of Domain Networks

Advantages | Disadvantages
--- | ---
Centralized resource sharing | Significant administrative effort and overhead
Centralized resource controls | Complicated, convoluted designs
Centralized account management | Requires one or more powerful, expensive servers
Centralized security management | Bulletproof security is hard to achieve
Efficient for virtually unlimited workstations | Expense for domain controllers and access lags increases with network size
Users only need to be trained to use clients | Some understanding of domain networks remains necessary
Not restricted to close proximity | Larger scope requires more user documentation and training


WINDOWS 2000 ARCHITECTURE


The Windows 2000 internal organization and architecture deeply influence its capabilities
and behavior. The following sections explain the Windows 2000 operating system components
and its two major operating modes in detail.


Windows 2000 is a modular operating system. In other words, Windows 2000 is not built as
a single, large program; instead, it is composed of numerous small software elements, or modules,
that cooperate to provide the system’s networking and computing capabilities. Each
unique function, code segment, and system control resides in a distinct module, so that no two
modules share any code. This method of construction allows Windows 2000 to be easily
amended, expanded, or patched as needed. Furthermore, the Windows 2000 components
communicate with one another through well-defined interfaces. Therefore, even if a module’s
internals change (or a new version replaces an old one), as long as the interface is not altered,
other components need not be aware of any such changes (except perhaps to take advantage
of new functionality that was hitherto unavailable).


All Windows 2000 processes operate in one of two modes: user mode or kernel mode. A
mode represents a certain level of system and hardware access, and is distinguished by its
programming, the kinds of services and functions it is permitted to request, and the controls that
are applied to its requests for system resources. Each mode contains only whatever specific
components and capabilities might be needed to perform the set of operations that is legal
within that mode. The details of what’s inherent to user mode and kernel mode are explained
further in the following sections. The use of modes in Windows 2000 is very similar to their
use in Unix and VMS, and provides further proof of the modularity and built-in security
mechanisms in Windows 2000.

Windows 2000 is an object-oriented operating system; in user mode, any request for a
system resource ultimately becomes a request for a particular object. An object is a
collection of attributes with associated data values, plus a set of related services that can
be performed on that object. Files, folders, printers, and processes are examples of
objects. Because objects may be shared or referenced by one or more processes, they
have an existence independent of any particular process in the Windows 2000
environment. Objects are identified by type (which defines what attributes and services
they support) and by instance (which defines a particular entity of a certain type—for
example, there may be many objects of type “file,” but only one object can have a
particular unique combination of directory specification and filename). Windows 2000 can
control access to individual objects, and it can even control which users or groups are
permitted to perform particular services related to such objects.


User Mode 


All user interaction with a Windows 2000 system occurs through one user mode process.
User mode is an isolated portion of the system environment in which user applications
execute. User mode is permitted only mediated access to Windows 2000 system resources.
In other words, any user mode requests for objects or services must pass through the Executive
Services components in the kernel mode to obtain access. In addition to supporting native
32-bit Windows APIs (application programming interfaces), a variety of user mode
subsystems enable Windows 2000 to emulate Win16 and DOS environments, and even permit
OS/2 character mode and POSIX.1-compliant software to be executed.


Windows 2000 supports three core environment subsystems: 


- Win32: Supports Windows 2000, Windows NT, Windows 95, and Windows 98
  32-bit applications directly, and, through emulation of virtual DOS machines
  (VDMs), supports both Windows 16-bit and DOS applications

- POSIX: Supports POSIX.1 applications, but these have only limited functionality;
  third-party solutions (most notably, those from SoftWay Systems) offer considerably
  more powerful and capable POSIX implementations for Windows 2000

- OS/2: Supports character-mode OS/2 1.1 applications (unfortunately, this makes
  most modern GUI-based OS/2 applications unusable in this environment; here,
  add-ons to extend this functionality are available from Microsoft and third parties)


Each subsystem is built around an API that enables suitable Win16, DOS, OS/2, or POSIX
applications to run by emulating their native operating systems. But even though other
subsystems may be involved in some applications, the Win32 subsystem controls the Windows 2000
user interface and mediates all input/output requests for all other subsystems. In that sense, it is
the core interface subsystem for applications in user mode.


As part of the Windows 2000 user mode, the security subsystem is solely responsible for the
logon process. The security subsystem works directly with key elements in the kernel mode
to verify the username and password for any logon attempt, and permits only valid
combinations to obtain access to a system. Here’s how: When a logon attempt occurs, the security
subsystem creates an authentication package that contains the username and password
provided in the Windows 2000 Security logon window. This authentication package is then
turned over to the kernel mode, where a module called the security reference monitor
(SRM)—the portion of the security subsystem that verifies usernames and passwords against
the security accounts database—examines the package and compares its contents to a
security accounts database. If the logon request is invalid, an incorrect logon message is returned
to the user mode. For valid requests, the SRM constructs an access token, which contains a
summary of the logged-on user’s security access rights. The token is then returned to the
security subsystem and used to launch the shell process in user mode.


To gain access to the logon interface of Windows 2000, the user must enter a special
key combination called the Windows 2000 attention sequence. This is done by pressing
Ctrl+Alt+Delete simultaneously. The attention sequence invokes the Windows 2000
logon process; because this key sequence cannot be faked remotely, it guarantees that
this process (which also resides in a protected memory area) is not subject to
manipulation by would-be crackers.


Kernel Mode 


The kernel mode, which is a highly privileged processing mode, defines the inner workings,
or kernel, of Windows 2000. All components in kernel mode take execution priority over user
mode subsystems and processes. In fact, some key elements within the kernel mode remain
resident in memory at all times, and cannot be swapped to disk by the Virtual Memory Manager.
This is the part of the operating system that handles process priority and scheduling (it’s what
provides the ability to preempt executing processes and schedule new processes, which is at the
heart of any preemptive multitasking operating system, such as Windows 2000).


The kernel insulates hardware and core system services from direct access by user
applications. That’s why user applications must request any accesses to hardware or low-level
resources from the kernel mode. If the request is permitted to proceed—and this mediated
approach always gives Windows 2000 a chance to check any request against the access
permitted by the access token associated with the requester—the kernel handles the request and
returns any related results to the requesting user mode process. This mediated approach also
helps maintain reliable control over the entire computer and protects the system from
ill-behaved applications. At a greater level of detail, the kernel mode may be divided into three
primary subsystems. These are the Executive Services, the kernel, and the hardware abstraction
layer (HAL), each of which is discussed in the following subsections.


Executive Services 


The Executive Services define the interfaces that permit kernel and user mode subsystems 
to communicate. The Windows 2000 Executive Services consist of several modules: 


- I/O Manager
- Security Reference Monitor (SRM)
- Internal Procedure Call (IPC) Manager
- Virtual Memory Manager (VMM)
- Process Manager
- Plug and Play Manager
- Power Manager
- Windows Manager
- File Systems Manager
- Object Manager
- Graphics device drivers


The I/O Manager handles all operating system input and output. The I/O Manager receives 
requests for I/O services from applications, determines what driver is needed, and requests 
that driver for the application. The I/O Manager is composed of the following components: 


- Cache Manager: Handles disk caching for all file systems. This service works with
  the Virtual Memory Manager to maintain performance. It also works with the file
  system drivers to maintain file integrity.

- Network drivers: Actually a subarchitecture in and of itself, network drivers are the
  software components that enable communication on the network.

- Device drivers: Minidrivers that are 32-bit and multiprocessor-compatible that
  enable communication with devices.


The Security Reference Monitor compares the access rights of a user (as encoded in an
access token) with the access control list (ACL) associated with an individual object. If the
user has sufficient rights to honor an access request after the access token and ACL are
reconciled, the requested access will be granted. Whenever a user launches a process, that process
runs within the user’s security context, and inherits a copy of the user’s security token. This
means that under most circumstances, any process launched by a Windows 2000 user cannot
obtain broader access rights than those associated with the account that launched it.
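
The reconciliation of access token and ACL described above, as an added example (not code from this book or from Windows). It goes beyond the text by modelling ordered allow and deny entries, an empty ACL, and a missing ACL; the right bits, account names, and the `access_check` and `launch` helpers are assumptions made for this model.

```python
"""Simplified model of the Security Reference Monitor's access check.

Constructed for illustration: the right bits, account names and ACL entries
below are made up and are not Windows constants or APIs.
"""
from dataclasses import dataclass, replace
from typing import FrozenSet, Optional, Tuple

# Access-right bits (hypothetical values for this model).
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8
ALL = READ | WRITE | EXECUTE | DELETE


@dataclass(frozen=True)
class AccessToken:
    """Summary of a logged-on user's identity, built once at logon."""
    user: str
    groups: FrozenSet[str] = frozenset()

    def identities(self) -> FrozenSet[str]:
        return self.groups | {self.user}


@dataclass(frozen=True)
class Ace:
    """One ACL entry: allow or deny `mask` for `trustee` (user or group)."""
    allow: bool
    trustee: str
    mask: int


@dataclass(frozen=True)
class SecuredObject:
    name: str
    acl: Optional[Tuple[Ace, ...]]  # None models an object with no ACL


@dataclass(frozen=True)
class Process:
    image: str
    token: AccessToken


def access_check(token: AccessToken, obj: SecuredObject, desired: int) -> bool:
    """Reconcile the token with the object's ACL for the requested rights."""
    if obj.acl is None:
        return True                      # no ACL: nothing restricts access
    remaining = desired                  # rights not yet granted
    ids = token.identities()
    for ace in obj.acl:                  # entries are evaluated in order
        if remaining == 0:
            break
        if ace.trustee not in ids:
            continue                     # entry is about someone else
        if not ace.allow and ace.mask & remaining:
            return False                 # explicit deny of a needed right
        if ace.allow:
            remaining &= ~ace.mask       # these rights are now granted
    return remaining == 0                # anything left over is denied


def launch(parent: Process, image: str) -> Process:
    """A new process receives a copy of its parent's token, never more."""
    return Process(image, replace(parent.token))


# Constructed sample data.
ALICE = AccessToken("alice", frozenset({"Users", "Interns"}))
BOB = AccessToken("bob", frozenset({"Administrators"}))
REPORT = SecuredObject("payroll.xls", (
    Ace(False, "Interns", WRITE | DELETE),
    Ace(True, "Users", READ | WRITE),
    Ace(True, "Administrators", ALL),
))
# Same first two entries with the allow placed first: the deny is never
# reached for WRITE, so entry order changes the outcome.
MISORDERED = SecuredObject("payroll-copy.xls", (
    Ace(True, "Users", READ | WRITE),
    Ace(False, "Interns", WRITE | DELETE),
))
LOCKED = SecuredObject("empty-acl.dat", ())   # ACL present but empty
OPEN = SecuredObject("no-acl.dat", None)      # no ACL at all

if __name__ == "__main__":
    shell = Process("explorer.exe", ALICE)
    editor = launch(shell, "notepad.exe")     # runs in alice's context
    for obj, right, label in [(REPORT, READ, "read"), (REPORT, WRITE, "write"),
                              (MISORDERED, WRITE, "write"), (LOCKED, READ, "read")]:
        verdict = "granted" if access_check(editor.token, obj, right) else "denied"
        print(f"{editor.image} -> {label} {obj.name}: {verdict}")
```

An ACL that exists but has no entries denies everything, while an object with no ACL at all is open to everyone, which is why the two cases are modelled separately.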


The Internal Procedure Call (IPC) Manager controls application communication with 
server processes such as the Win32 subsystem—the set of application services provided by 
the 32-bit version of Microsoft Windows. This makes applications behave as if dynamic link 
library (DLL) calls are handled directly, and helps to explain the outstanding ability of 
Windows 2000 to emulate 16-bit DOS and Windows run-time environments. 


The Virtual Memory Manager (VMM) keeps track of the addressable memory space in
the Windows 2000 environment. This includes both physical RAM and one or more paging
files on disk, which are called virtual memory when used in concert. The operation of
the VMM will be discussed in more detail later in this chapter.


The Process Manager primarily tracks two kernel-dispatched objects: processes and threads. 
It is responsible for creating and tracking processes and threads, and then for deleting them 
(and cleaning up) after they're no longer needed. 


The Plug and Play Manager handles the loading, unloading, and configuration of device
drivers for Plug and Play hardware. This manager allows the hot-swapping of devices and
on-the-fly reconfiguration. Additionally, if a non-Plug-and-Play device uses a Plug-and-Play
supporting device driver, it can be controlled through this manager.


The Power Manager is used to monitor and control the use of power. Typically, the services 
offered by the Power Manager are employed on notebook computers running on batteries 
or in other environments in which power is an issue. Some of the power-saving features 
offered include hard drive and CD-ROM drive power down, video/monitor shutdown, and 
peripheral disconnection. 


The Windows Manager introduces a method of network-based centralized control to 
Windows 2000. It can be used to distribute software, manage systems remotely, and provide 
a programming interface for third-party management software. 


The File System Manager is responsible for maintaining access and control over the file systems
of the Windows 2000 environment. The File System Manager controls file I/O transfers for all
the file systems. Each 32-bit, protected-mode redirector is implemented as a file system driver.


The Object Manager manages all system objects by maintaining object naming and security
functions. It allocates system objects, monitors their use, and removes them when they
are no longer needed. The Object Manager maintains the following system objects:


- Directory objects
- ObjectType objects
- Link objects
- Event objects
- Process and Thread objects
- Port objects
- File objects


The Kernel


All processes in Windows 2000 consist of one or more threads coordinated and scheduled
by the kernel. Executive Services use the kernel to communicate with each other concerning
the processes that they share. The kernel runs in privileged mode along with the HAL
and the other Executive Services. This means that the kernel is allowed direct access to all
system resources. It cannot be paged to disk, meaning that it must run in real memory. A
misbehaved kernel process can stall or crash the operating system—a primary reason why direct
access to this level of system operation is not available to user mode applications.


The Hardware Abstraction Layer (HAL) 


The hardware abstraction layer (HAL) ultimately controls all direct access to hardware.
This is the only module written entirely in low-level, hardware-dependent code. Its goal is
to isolate any hardware-dependent code in order to prevent direct access to hardware. It is
the HAL that helps to make Windows 2000 scalable across multiple processors.


Memory Architecture 


The memory architecture of Windows 2000 helps make this operating system robust, 
reliable, and powerful. As noted earlier, Windows 2000 Professional can manage as much 
as 4 GB of RAM. 


Windows 2000 uses a flat (non-multidimensional) 32-bit memory model. It is based on a 
virtual memory, demand paging method that is a flat, linear address space of up to 2 GB 
allocated to each 32-bit application. Non-32-bit Windows applications, such as Win16, 
MS-DOS, and OS/2, are managed similarly except that all subsystem components, including 
the actual application, run within a single 2 GB address space. 


The unit of memory that the Virtual Memory Manager manipulates is called a page. A
page is 4 KB in size. Pages are stored to and retrieved from disk-based files called page
files or paging files. These files are also used for memory reindexing and mapping to
avoid allocating memory between unused contiguous space or to prevent fragmentation
of physical memory.


The Windows 2000 memory model is a flat model that grows according to the demand for 
memory, as opposed to every section of memory having a fixed role (as in the problematic 
Conventional, Expanded, HMA, and Extended Memory architecture present in MS-DOS 
and Windows 3.x). 


CHAPTER SUMMARY 


- This chapter introduced you to the features and architecture of Windows 2000.
  Windows 2000 is a product family with at least four members: Professional, Server,
  Advanced Server, and Datacenter Server. Windows 2000 offers a distinct operating
  environment, which boasts portability, multitasking, multithreading, multiple file systems
  (FAT, FAT32, NTFS), Active Directory, robust security, multiple clients, multiple
  processors, wide application support, large RAM and storage capacity, and a wide range of
  network connectivity options. Windows 2000 is an inherently networkable operating
  system with built-in connectivity solutions for NetWare, Macintosh, and TCP/IP. This
  allows easy implementation on multivendor networks.

- Windows 2000 has specific minimum hardware requirements for the Intel platform.
  Additionally, the hardware compatibility list (HCL) lists all devices known to be
  compatible with Windows 2000.

- Windows 2000 can participate in either of two networking models—workgroup
  or domain.

- Windows 2000 is based on a modular programming technique. Its main processing
  mechanism is divided into two modes. User mode hosts all user processes and accesses resources
  via the Executive Services. The kernel mode hosts all system processes and mediates all
  resource access. The separation of modes provides for a more stable and secure computing
  environment. User mode supports the application subsystems that enable Windows 2000
  to execute DOS, WIN16, WIN32, POSIX, and OS/2 software. Kernel mode’s Executive
  Services manage all operations, including I/O, security, IPC, memory, processes, Plug and
  Play support, power, distributed control, file systems, objects, and graphical devices.

- The Windows 2000 virtual memory model combines the use of both physical RAM
  and paging files into a demand paging mechanism to maximize memory use and
  efficiency. Windows 2000 is easy to use, offers new storage capabilities, provides improved
  Internet access, and maintains strict security.


KEY TERMS 


Active Directory — A centralized resource and security management, administration, 
and control mechanism used to support and maintain a Windows 2000 domain. The 
Active Directory is hosted by domain controllers. 


AppleTalk — The network protocol stack used predominantly in Apple Macintosh
networks; this protocol is bundled with Windows 2000.


application programming interface (API) — A set of software routines referenced by 
an application to access underlying application services. 


architecture — The layout of operating system components and their relationships to one 
another. 


client — A computer used to access network resources. 


cooperative multitasking — A computing environment in which the individual application
maintains control over the duration that its threads use operating time on the CPU.


Data Link Control (DLC) — A low-level network protocol designed for IBM connectivity,
remote booting, and network printing.


demand paging — The act of requesting free pages of memory from RAM for an active 
application. 


domain — A centralized enterprise model used in Microsoft networks. 


domain controller (DC) — A computer that maintains the domain’s Active Directory, 
which stores all information and relationships about users, groups, policies, computers, 
and resources. 


domain model — The networking setup in which there is centralized administrative and 
security control. One or more servers are dedicated to the task of controlling the domain, 
providing access and authentication for shared domain resources to member computers. 


dynamic link library (DLL) — A Microsoft Windows executable code module that is 
loaded on demand. Each DLL performs a unique function or small set of functions 
requested by applications. 


Executive Services — The collection of kernel mode components designed for operating
system management.


FAT (file allocation table) or FAT16 — The file system used in versions of MS-DOS.
Supported in Windows 2000 in its VFAT form, which adds long filenames and 4 GB
file and volume sizes.


FAT32 — The 32-bit enhanced version of FAT introduced by Windows 95 OSR2, and 
which expands the file and volume size of FAT to 32 GB. FAT32 is supported by 
Windows 2000. 


hardware abstraction layer (HAL) — One of the few components of the Windows 
2000 architecture that is written in hardware-dependent code. It is designed to protect 
hardware resources. 


hardware compatibility list (HCL) — Microsoft’s updated list of supported hardware 
for Windows 2000. 


Kerberos — An encryption authentication scheme employed by Windows 2000 to verify 
the identity of a server and a client before actual data is transferred. 


kernel — The core of the Microsoft Windows 2000 operating system. It is designed to 
facilitate all activity within the Executive Services. 


kernel mode — The level where objects can only be manipulated by threads directly 
from an application subsystem. 


mode — A programming and operational separation of components, functions, and services. 


MS-DOS — One of the most popular character-based operating systems for personal 
computers. Many DOS concepts are still in use by modern operating systems. 


multiprocessing — The ability to distribute threads among multiple CPUs on the 
same system. 


multitasking — The ability to run more than one program at the same time. 


multithreading — The ability of an operating system and hardware to execute multiple 
pieces of code (or threads) from a single application simultaneously. 


New Technology File System (NTFS) — The high-performance file system supported 
by Windows 2000, which offers file-level security, encryption, compression, auditing, 
and more. Supports volumes up to 16 Exabytes theoretically, but Microsoft recommends 
volumes not exceed 2 Terabytes. 


NWLink — Microsoft’s implementation of Novell’s IPX/SPX protocol, used for
Microsoft Networking or for facilitating connectivity with Novell networks.


object — A collection of data and/or abilities of a service that can be shared and used by 
one or more processes. 


operating system — Software designed to work directly with hardware to provide a
computing environment within which production and entertainment software can execute,
and which creates a user interface to allow human interaction with the computer.


OS/2 — An operating system developed by IBM. Windows 2000 offers some OS/2
application support.


page — An individual unit of memory that the Virtual Memory Manager manipulates
(moves from RAM to paging file and vice versa).


peer-to-peer — A type of networking in which each computer can be a client to other 
computers, and act as a server as well. 


Plug and Play — The ability of Windows 2000 to recognize hardware, automatically 
install drivers, and perform configuration changes on the fly. 


POSIX — A subsystem that is sanctioned by the IEEE for maintaining consistency 
between Windows 2000 and various flavors of Unix. 


preemptive multitasking — A computing environment in which the operating system 
maintains control over the duration of operating time any thread (a single process of an 
application) is granted on the CPU. 


process — A collection of one or more threads.


server — The networked computer that responds to client requests for network resources.


TCP/IP (Transmission Control Protocol/Internet Protocol) — A suite of protocols
evolved from the Department of Defense’s ARPANet. It is used for connectivity in
LANs as well as the Internet.


thread — The most basic unit of programming code that can be scheduled for execution. 


user mode — The area in which private user applications and their respective 
subsystems lie. 


virtual memory — A Windows 2000 kernel service that stores memory pages that are not 
currently in use by the system in a paging file. This frees up memory for other uses. Virtual 
memory also hides the swapping of memory from applications and higher-level services. 


Virtual Memory Manager (VMM) — The part of the operating system that handles 
process priority and scheduling, providing the ability to preempt executing processes 
and schedule new processes. 


Win16 — The subsystem in Windows 2000 that allows for the support of 16-bit Windows 
applications. 


Win32 — The main 32-bit subsystem used by Win32 applications and other application 
subsystems. 


Windows 2000 Advanced Server — The new Microsoft network operating system 
(NOS) version designed to function as a high-end resource on a network. 


Windows 2000 Datacenter Server — An enhanced version of Windows 2000 Server 
developed to host high-end applications, as well as support data warehousing, real-time 
transaction processing, and enterprise Web site hosting. 


Windows 2000 Professional — The new Microsoft NOS version designed to function 
as a client/workstation on a network. 


Windows 2000 Server — The new Microsoft NOS version designed to function as a
resource host on a network.


Windows 3.x — An older, 16-bit version of Windows. Windows 2000 supports backward
compatibility with most Windows 3.x applications.


Windows 95 — The 32-bit version of Windows that can operate as a standalone system 
or in a networked environment. 


Windows 98 — An updated version of Windows 95 with improved Internet and network
connectivity.


Windows for Workgroups — A version of Windows 3.x that includes minimal network 
support to allow the software to act as a network client. 


Windows NT — The Microsoft network operating system that was the predecessor to 
Windows 2000. 


workgroup — A networking scheme in which resources, administration, and security are 
distributed throughout the network. 


workgroup model — The networking setup in which users are managed jointly 
through the use of workgroups to which users are assigned. 


REVIEW QUESTIONS 


1. Which of the following application environments does Windows 2000 support at least 
minimally? 
a. PICK 
b. SunOS 
c. OS/2 
d. X-Windows 


2. Windows 2000 supports ________ of memory and ________ of
disk space.


3. Which of the following are kernel mode components in Windows 2000? (Choose all 
that apply.) 
a. Virtual DOS machines 
b. Security Reference Monitor 
c. hardware abstraction layer 
d. Win16 subsystem 
4. Windows 2000 supports only cooperative multitasking. True or False? 
5. Windows 2000 supports the HPFS file system. True or False? 


6. Windows 2000 has inherent support for facilitating connectivity to which of the
following? (Choose all that apply.)
a. Novell NetWare
b. Macintosh printers
c. Linux
d. TCP/IP networks


7. Memory pages are stored in units of:
a. 2 KB
b. 4 KB
c. 16 KB
d. 64 KB


8. Which of the following operating systems can be used as a client on a Windows 2000
network? (Choose all that apply.)
a. Windows for Workgroups
b. Windows NT 4.0 Workstation
c. MS-DOS
d. Windows 98


9. If you want users to share resources, but have no concern for local security on the
system, which operating system would be your best choice?
a. Windows 98
b. Windows NT Workstation
c. Windows 2000 Professional
d. Windows 2000 Advanced Server


10. Which of these configuration specifications will allow for the installation of
Windows 2000 Professional? (Choose all that apply.)
a. Intel 166 MHz Pentium, 32 MB of RAM, 2 GB disk space
b. Compaq Alpha, 48 MB of RAM, 2 GB disk space
c. Intel 486DX/66, 16 MB of RAM, 800 MB disk space
d. Intel 133 MHz Pentium, 24 MB of RAM, 2 GB disk space


11. A dual-boot computer hosts both Windows 98 and Windows 2000 Professional. You
need to download an 8 GB datafile, which will be used by both OSs. What file system
should you use to format the host volume?
a. FAT
b. FAT32
c. NTFS


12. You are setting up a computer for the purpose of sharing files. Each user connecting will
need to have specific levels of access based on their identity. You also want the security
system to employ encryption authentication to verify the identity of both the server and
client before data transfer can occur. Which operating system would be the most
effective solution?
a. Windows 98
b. Windows 2000 Professional
c. Windows NT Workstation
d. Windows 2000 Server

13. The two networking models supported in Windows 2000 are ________ and
________.


14. The three file systems supported in Windows 2000 are ________,
________, and ________.


15. When a user presses the Ctrl+Alt+Delete key combination in Windows 2000 after
booting, what happens?
a. The computer reboots.
b. The logon screen appears.
c. A “blue screen of death” occurs.
d. A command prompt appears.


16. Windows 2000 runs on top of DOS. True or False?


17. Which of the following are required to install Windows 2000 on Intel-based computers?
a. an SCSI CD-ROM drive
b. a tape backup device
c. a network interface card
d. none of the above


18. Windows 2000 was designed by Microsoft to replace what other operating system?
a. Windows 98
b. Windows NT
c. Windows for Workgroups
d. Windows CE


19. Administrators desiring a centralized model of resource management should consider
the ________ network model.
a. workgroup
b. domain


20. All direct access to hardware is mediated by which component?
a. kernel
b. Win32 subsystem
c. hardware abstraction layer
d. Executive Services


21. Windows 2000 Professional natively supports ________ processors.
a. 1
b. 2
c. 4
d. 32


22. Windows 2000 includes native support for what types of security hardware?
a. voice recognition
b. smart cards
c. retinal scanners
d. body heat imaging


23. Windows NT Professional clients can print to Macintosh printers using the AppleTalk
protocol. True or False?


24. When a DOS application that is used to manipulate files on a hard drive is launched
on a Windows 2000 Professional system, in what mode does the process execute?
a. user
b. kernel
c. protected
d. IPC


25. What supported platforms allow the installation of Windows 2000 to occur over a
network? (Choose all that apply.)
a. Intel
b. PowerPC
c. Compaq Alpha
d. MIPS


HANDS-ON PROJECTS 


A 


Project 1-1 


To 


explore the desktop: 


1. Boot and log on to a Windows 2000 Professional system by pressing Ctrl+Alt+Delete. 


2. Notice the icons on the desktop (see Figure 1-5). 


3. Double-click My Documents. This reveals the default storage location for your per- 


sonal documents, faxes, and pictures. 


. Click the File menu, then click Close. 
. Double-click My Computer. This reveals a list of all drives present on the system, 


plus a link to the Control Panel. 


. Click the File menu, then click Close. 
. Double-click My Network Places. This reveals the interface used to add new net- 


work connections, a link to the entire network, and a list of any recently accessed 
shares from the network. 


. Click the File menu, then click Close. 


Figure 1-5 Windows 2000 Professional desktop 


9. Double-click the Recycle Bin. This reveals all items that have been deleted but are 
still recoverable. 


10. Click the File menu, then click Close. 


Project 1-2
To explore the Start menu:


1. Click the Start button on the taskbar (see Figure 1-6). 


Figure 1-6 Start button items
2. Notice the items that occur in the Start menu by default: Windows Update, Programs, Documents, Settings, Search, Help, Run, and Shut Down.


3. Click Shut Down. This reveals a dialog box with a list where you can select to log off the current user account, restart, or shut down the system.


4. Click Cancel.


5. Click Start, then click Run. This reveals the Run dialog box, where you can enter a path and filename to launch.


6. Click Cancel.


7. Click Start, then click Help. This opens the Windows Help system. Explore this interface.


8. Close the Help system by clicking the Close button in the upper-right corner of the dialog box.


9. Click Start, then point to Search. This opens a menu with three selections: For Files or Folders, On the Internet, and For People. Each of these is an interface used to locate file objects, Internet objects, or people, respectively.


10. Click Start, then point to Settings. This opens a menu with four items: Control Panel, Network and Dial-up Connections, Printers, and Taskbar & Start menu.


11. Click Start, then point to Documents. This opens a menu that lists fifteen of the most recently accessed documents or files.


12. Click Start, then point to Programs. This opens the first of several levels of menus in which all of the applications, tools, and utilities of the system are organized for easy access. Explore this multilevel menu.


13. Look at but don’t select Windows Update. When launched, Windows Update attempts to connect to the Microsoft Web site. From the special update site, new files and updated components for Windows 2000 can be downloaded.


Project 1-3
To view the Windows 2000 administration tools:


1. Click Start, point to Settings, then point to Control Panel. This opens the Control Panel window (see Figure 1-7).


2. Notice the tools and utilities in the Control Panel.


3. Double-click the Date/Time applet. This reveals the Date/Time interface, where the current time and date can be changed.


4. Click Cancel.


5. Double-click the Fonts applet. This reveals a list of all the fonts currently present on the system.


6. Click Back in the button bar to return to the Control Panel.


7. Double-click Administrative Tools. This reveals all of the administrative tools for Windows 2000.
Figure 1-7 Control Panel tools


8. Double-click Computer Management. This opens an MMC console, where you can access information on a wide range of components. Explore this interface but be careful not to make any changes.


9. Close Computer Management by clicking the Close button in the upper-right corner of the window.
10. Click the File menu, then click Close. 


Project 1-4 
To explore Task Manager: 


1. Right-click over a blank area of the taskbar. This reveals a menu. Select Task Manager from the menu.


2. Click the Applications tab of Task Manager (see Figure 1-8). This lists all applications currently active in user mode.


3. Click the Processes tab of Task Manager. This lists all processes currently active. It also lists details about each process such as its process ID, its CPU usage percentage per second, and its total CPU execution time.


4. Click the Performance tab of Task Manager. This tab shows graphs detailing the current and historical use of the CPU and memory. This tab also lists details about memory consumption, threads, and handles.


5. Click the View menu, then click Show Kernel Times. This alters the graphs so activities of the kernel mode are shown in red and activities of the user mode are shown in green.


6. After watching this interface for a while, close it by selecting File, Exit Task Manager from the menu.


Figure 1-8 Task Manager, Applications tab


To customize the Taskbar and Start menu:


1. Click Start, point to Settings, then click Taskbar & Start Menu. 


2. On the General tab of the Taskbar & Start menu properties, notice the check boxes 
and their current selections. 


3. Select the Auto Hide item. This causes the taskbar to slide off the screen when not in 
use. When you place the insertion point near the bottom of the screen, it will reappear. 


4. Click the Advanced tab. 


5. Click the Clear button to empty the Documents folder. This clears the list of 
recently accessed documents from the folder. 


6. In the list of Start menu settings, select Display Administrative Tools, and Expand 
Control Panel. 


7. Click OK. 


8. Explore your changes. First, move the insertion point to the middle of the screen and 
click. Notice that the taskbar disappears. Move the insertion point near the bottom of 
the screen to watch the taskbar reappear. 


9. Click Start, point to Settings, then point to Control Panel. Notice that a menu 
with all of the Control Panel contents is now present. 
10. Click Start, point to Programs, then point to Administrative Tools. You may need
to expand the menu by clicking the down arrows. This reveals a menu with the same
contents as the Administrative Tools icon of the Control Panel.


11. Click a blank portion of the desktop to close the Administrative Tools menu. 


Project 1-6
To customize the desktop:


1. Right-click a blank area of the desktop.

2. Select New, then Shortcut from the menu.

3. Click Browse in the window that appears.

4. Locate and select Notepad.exe in the main Windows 2000 directory (WINNT). Click OK.

5. Click Next.

6. Click Finish. A shortcut to Notepad now appears on the desktop.

7. Right-click over a blank area of the desktop. 

8. Select Arrange Icons, then Auto Arrange. 

9. Notice that the icons on the desktop have repositioned themselves in a uniform pattern. 
10. Right-click over a blank area of the desktop. 

11. Select Properties. 


12. On the Background tab, take note of the current selection, then select an item from 
the list of background images. 


13. Click OK. 


14. To restore the desktop to its original settings, repeat steps 10–13 but use the original
setting. Delete the shortcut you created by selecting it and pressing the Delete key,
and then confirm the deletion.


CASE PROJECTS 
1. You are planning a network in which users need to have a centralized location, where discretionary access control is a necessity. This will be an environment in which consistency is a must.


Required Result


• All users must be able to access the server from any computer within the network through a single logon.


Optional Desired Results


• Users must also be required to log on before accessing anything on their local machine.




• Users will have the exact same desktop GUI.


Proposed Solution


• Install Windows 2000 Server as the server platform. Establish a Windows 2000 domain. On half of the users’ desktops, install Windows 98, and on the other half, install Windows 2000 Professional. Have all computers configured as part of the Windows 2000 domain.


Which results does the proposed solution produce? Why? 


a. The proposed solution produces the required result and produces both of the 
optional desired results. 


b. The proposed solution produces the required result, but only one of the optional 
desired results. 


c. The proposed solution produces the required result, but neither of the optional 
desired results. 


d. The proposed solution does not produce the required result. 


2. You have been instructed to evaluate the status of the network environment at Site A. Your goal is to evaluate the current network and determine, first of all, whether upgrading is necessary. If so, then the next step is to determine which operating system will be the migration choice: Windows 2000 Professional or Windows 98. Finally, determine what steps need to occur before the migration can proceed.


Site A has 220 computers currently running Windows 3.1. They are running all 16-bit applications from the DOS and Windows environments. They plan on migrating to Microsoft Office 2000. Each computer has the following hardware configuration:


• Intel 486 DX4/100

• 8 MB of RAM

• 540 MB hard drive

• NIC (network interface card)

• VGA monitor


Users will not be allowed to share files at the desktop. They will not roam from computer to computer, so all of their files can be stored locally on their own computers.


Which migration path makes the most sense? Why? 
a. No migration 

b. Windows 2000 Professional 

c. Windows 98 


If migration to Windows 2000 Professional is necessary, what steps are necessary to 
establish optimum but cost-effective performance? 


